Redhat 6 Bind/Wink 2k IIS DHCP

Simon Waters Simon at wretched.demon.co.uk
Mon Nov 3 23:08:57 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Icarus wrote:
>
> Is it possible to use a NAT for DNS? I have a redhat 6 box with bind
> on it. I am not sure the version. I was thrown in the middle of this
> so please bear with me.

Redhat 6 is likely to have an OLD version of BIND, unless it has been
maintained lovingly, in which case why is it still running Redhat 6 ;)
[I still have Redhat 6 and 7 boxes at work, and home, so more TLC needed
here as well].

> I have setup a NAT with our ISP to point my DNS's public IP to a
> private one behind our firewall. I then set the DNS server with a
> private IP. My question is can my DNS server still be seen by the
> world with using NAT? I punched the appropriate holes in the firewall
> for it.

Yes, DNS is an application; it doesn't care about the IP address
happening at the network levels, so as long as you forward the port 53
traffic correctly it should work fine, although you only ever provide
public IP addresses to the Internet.

So if this is your master name server, it may have a NS record, and A
record in its own domain, the A record should point to the public IP on
the NAT device, so that queries come in on port 53 to the NAT device for
forwarding.

This can make it harder for caching nameservers behind the NAT device to
find this nameserver, that requires a little bit of planning if it is a
problem for you.

In general I'd say try to avoid this, NAT is usually part of the
firewalling of a site, and punching incoming holes in a firewall, when
you can easily push the data to some external DNS hosting service is bad
karma.

Where did WinK 2k IIS DHCP enter into your question?
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/puAGGFXfHI9FVgYRApPVAJ9V86KT0eeOoh/okj06q5ENobW+CgCgweqA
5v4vARgrJWoYFwFRZ1sWtfQ=
=QHbv
-----END PGP SIGNATURE-----
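
Added example, not part of the original message: a small check that a zone published to the Internet carries only public addresses, in particular for the hosts named in its NS records, as the reply advises. The zone contents, example.com and every address below are constructed, and the parser is a simplified one that assumes one record per line, each starting with its owner name.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone: 192.0.2.53 stands in for the public IP on the
# NAT device, 10.0.0.x for private addresses behind the firewall.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      IN NS  ns1.example.com.
@      IN NS  ns2
ns1    IN A   192.0.2.53
ns2    IN A   10.0.0.53   ; private address left in the public zone
www    IN A   10.0.0.80
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse_records(zone_text):
    """Yield (owner, type, rdata) tuples from a one-record-per-line zone."""
    origin = "."
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        elif not fields[0].startswith("$"):         # skip $TTL and similar
            # Ignore the optional TTL and class fields after the owner.
            rest = [f for f in fields[1:]
                    if f.upper() != "IN" and not f.isdigit()]
            if len(rest) >= 2:
                rtype, rdata = rest[0].upper(), rest[1]
                if rtype == "NS":
                    rdata = fqdn(rdata, origin)
                yield fqdn(fields[0], origin), rtype, rdata

def private_a_records(zone_text):
    """Return (owner, address, is_nameserver) for each RFC 1918 A record."""
    records = list(parse_records(zone_text))
    ns_hosts = {rdata for _, rtype, rdata in records if rtype == "NS"}
    return [(owner, rdata, owner in ns_hosts)
            for owner, rtype, rdata in records
            if rtype == "A"
            and any(ipaddress.ip_address(rdata) in net for net in RFC1918)]

if __name__ == "__main__":
    for owner, addr, is_ns in private_a_records(SAMPLE_ZONE):
        print(f"{owner} -> {addr}" + ("  (listed as NS)" if is_ns else ""))
```

An entry flagged as a nameserver is the case the reply describes: outside resolvers would be handed an address they cannot reach instead of the public IP on the NAT device.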


